Taylor, good video, I have a question, the result that MISP gives me in data.misp.value is the name of the domain, not the IP address of the malicious domain. What do I have to modify to obtain the IP and trigger the event to generate the rule in the firewall? Cheers and thanks for your time!
@Sebas-lk3jv 1 year ago
How about blocking IPs from brute-force attacks? It seems to be the most common attack on Windows.
@alejandroparrello6493 1 year ago
Hi dear Taylor! Wish you are well! Excellent work! Could you tell me why it needed PS7 for this purpose? With the built-in one it doesn't work? Thank you in advance! Regards from Argentina! 😉🙌
@МаксимКиселёв-б9з 10 months ago
Taylor, good video, I have a question, the result that MISP gives me in data.misp.value is the name of the domain, not the IP address of the malicious domain. What do I have to modify to obtain the IP and trigger the event to generate the rule in the firewall?
@gufrankhan3007 1 year ago
@Taylor I am following your vids but I am not able to find the MISP value, even in security events. Has this changed now?
@waynescroggins4057 8 months ago
I love the video, but I am running into an issue. Instead of using MISP, I simply wanted to block on either rule 60122 or 60204, but it does not appear that either is firing the firewall.cmd at all. Did I miss something? My installation is the all-in-one vanilla and my agents were installed with the PowerShell command, but even when I change the executable to the restart Wazuh agent, I do not see it function. It feels like there is one switch somewhere that I need to set, but I see none anywhere. Can you assist? Thanks
@naseraslam92 2 years ago
Well explained, Thank you so much, it is very helpful especially for beginners.
@byt3b4dger 2 years ago
Hello together, first of all many thanks for the very informative videos! I'm stuck on one problem...how can I search all agents for a specific installed software? As an example: I want to know on which hosts Firefox is installed. Can this be done via a visualization or via API and if so, how? Thanks in advance and keep up the good work!
@ChrisForbes509 2 years ago
OSQuery?
@zenitsuagatsuma3264 2 years ago
Hello Sir, really liked your videos! Can we only add the IP address that matched with MISP entries, with no removal from Windows Firewall after the settled time, in order to permanently block the IP? If yes, can you send some guide please :)